Internal — Ergomotion Engineering

IOR Automation — Build Plan

10 tickets across 6 weeks. Two engineers, parallel tracks, zero idle time.

Tech Lead — Nayan
Full-Stack Engineer
6 Weeks • March 2026

How 6 Weeks Works

Team

Tech Lead — Nayan

Architecture, VPC/IAM/security, core business logic (processor, ETL, comparison engine), SAP coordination, code review, cutover. ~40% of total work.

Full-Stack Engineer

CDK stacks (S3, DynamoDB, ECS, CF), CI/CD, Lambda replication, React frontend, Docker, validation scripts, monitoring, tests. ~60% of total work.

External Dependency: 6 of 8 SAP APIs must be built by the SAP team. Only ZFMIOR002 and ZFMIOR003 are live. This does NOT block the 6-week timeline — all Lambdas are built against mocks. Swap URL when APIs ship.
10 Tickets
T-01 Infrastructure Foundation & CI/CD Week 1
Task | Owner
Design VPC (public/private subnets, NAT, security groups) | Tech Lead
CDK project scaffolding (infra/, app.py, base stacks) | Full-Stack
Secrets Manager entries (SAP API creds, JWT secret) | Tech Lead
GitHub Actions: Infrastructure pipeline (cdk diff → deploy) | Full-Stack
GitHub Actions: Backend pipeline (Docker → ECR → ECS) | Full-Stack
GitHub Actions: Frontend pipeline (build → S3 → CloudFront) | Full-Stack
GitHub Actions: Lambda/ETL pipeline (package → deploy) | Full-Stack
ECR repository CDK construct | Full-Stack
Deliverable: cdk deploy creates VPC + networking. 4 CI/CD pipelines run on push. Secrets stored.
T-02 Storage Layer (S3 + DynamoDB) Week 1
Task | Owner
S3 buckets CDK (6 buckets, lifecycle policies, SSE-KMS) | Full-Stack
DynamoDB tables CDK (4 tables, on-demand billing) | Full-Stack
S3 Object Lock for audit bucket (COMPLIANCE mode, 7yr) | Tech Lead
Cross-account S3 bucket policy (SD-WAN → IOR read) | Tech Lead
IAM roles: Lambda execution, ECS task role, S3 policies | Tech Lead
Deliverable: 6 S3 buckets + 4 DynamoDB tables deployed. Cross-account policy for SD-WAN. IAM roles ready.
T-03 SAP Data Ingestion Lambdas Week 2
Task | Owner
Write ingest-product-weights Lambda template (ZFMIOR002 → S3) | Tech Lead
SQS Dead Letter Queue + 3x retry → SNS alert | Tech Lead
EventBridge schedules (daily + weekly) | Full-Stack
Replicate pattern for remaining 6 ingestion Lambdas | Full-Stack
Unit tests for all 7 Lambdas (mock SAP responses) | Full-Stack
Deliverable: 7 Lambda functions deployed. #1-#2 tested against live SAP. #3-#7 tested against mocks.
T-04 ETL Processing (Raw → DynamoDB) Week 3
Task | Owner
etl-product-master (merge ZFMIOR002+ZEMM005, derived weights) | Tech Lead
etl-hts-reference (cross-reference, rate validation) | Tech Lead
etl-transactions (parse ZSDR002/ZEMM004) | Tech Lead
Schema validation framework (shared across ETL) | Tech Lead
etl-packaging (simple normalize) | Full-Stack
SNS quality alert integration | Full-Stack
Tests: ETL output matches current CSV data | Full-Stack
Deliverable: 4 ETL Lambdas deployed. Raw JSON → validated → DynamoDB. Quality alerts live.
T-05 Shadow Mode & Data Validation Week 3
Task | Owner
Shadow mode flag (pipeline writes DynamoDB, app reads CSVs) | Tech Lead
Validation: ProductMaster vs Product_List.csv | Full-Stack
Validation: HTSReference vs HTS_Code.csv | Full-Stack
Validation: TariffSequencing vs HTS Tariff.csv | Full-Stack
Validation: PackagingMaterials vs Packaging_Material.csv | Full-Stack
Fix data mapping mismatches | Tech Lead
Deliverable: Automated validation proves DynamoDB matches CSV to 100%. Sign-off to proceed.
T-06 Backend Migration to ECS Fargate Week 4
Task | Owner
Refactor data_loader.py: DynamoDB reads + TTL caching + fallback | Tech Lead
Add GET /api/customs-lines endpoint | Full-Stack
Add POST /api/compare endpoint | Full-Stack
Dockerfile for FastAPI app | Full-Stack
CDK: ECS Fargate (1 vCPU/2GB), ALB, auto-scaling | Full-Stack
CDK: WAF rules on ALB | Full-Stack
Test: processor.py identical output from DynamoDB vs CSV | Tech Lead
Deliverable: FastAPI on ECS Fargate behind ALB. Verified output parity with CSV source.
T-07 Frontend Migration to CloudFront Week 5
Task | Owner
CDK: S3 + CloudFront distribution + OAC | Full-Stack
Build Customs Lines Dashboard page | Full-Stack
Build Comparison Report page | Full-Stack
Wire dashboards to API endpoints | Full-Stack
UX review and design direction | Tech Lead
Code review all new components | Tech Lead
Deliverable: React frontend on CloudFront with new dashboard pages.
T-08 Auth System Fix & User Migration Week 4
Task | Owner
Fix main.py: remove TESTING_MODE, fix DI chain | Tech Lead
Migrate users.json → DynamoDB Users table | Tech Lead
Update user_storage.py to DynamoDB | Tech Lead
Frontend: remove mock admin, uncomment auth check | Full-Stack
Test login/logout for admin & operator roles | Full-Stack
Add credentials: 'include' to audit HTML fetches | Full-Stack
Deliverable: Auth fully working. Both roles can log in and access appropriate content.
T-09 Auto-Generation & Comparison Engine Week 5
Task | Owner
generate-customs-lines Lambda (reuses processor.py) | Tech Lead
EventBridge daily trigger (after ETL) | Tech Lead
comparison.py engine (field-by-field, tolerances) | Tech Lead
Comparison Lambda (chained after generation) | Tech Lead
SNS discrepancy alerts | Full-Stack
Integration tests: generate → compare → report | Full-Stack
Comparison report UI component | Full-Stack
Deliverable: Daily pipeline: ingest → generate customs lines → compare vs ZSDR002 → alert.
T-10 Monitoring, Testing & Production Cutover Week 6
Task | Owner
CloudWatch dashboards CDK | Full-Stack
CloudWatch alarms (ETL fail, SAP down, comparison fail) | Full-Stack
SNS → email/Slack alert routing | Full-Stack
Parallel run: old system alongside new (3-5 days) | Tech Lead, Full-Stack
Validate output parity: manual = automated | Tech Lead
Production runbook (restart, rollback, health checks) | Full-Stack
Cutover decision and execution | Tech Lead
Verify manual upload fallback post-cutover | Full-Stack
Deliverable: Production live. Monitoring active. Runbook written. Fallback verified.
Week-by-Week Parallel Tracks
Week | Owner | Tickets | Work
Wk 1 | Tech Lead | T1 + T2 | VPC design, IAM roles, Secrets, audit S3 lock, cross-account policy
Wk 1 | Full-Stack | T1 + T2 | CDK scaffold, 4 CI/CD pipelines, S3 buckets, DynamoDB tables, ECR
Wk 2 | Tech Lead | T3 | Template Lambda, SQS/DLQ pattern, retry logic
Wk 2 | Full-Stack | T3 | Replicate 6 Lambdas from template, EventBridge, unit tests
Wk 3 | Tech Lead | T4 | 3 ETL jobs (product-master, hts-reference, transactions), schema framework
Wk 3 | Full-Stack | T4 + T5 | etl-packaging, SNS alerts, then 4 validation scripts (shadow mode)
Wk 4 | Tech Lead | T6 + T8 | data_loader.py refactor, auth fix (main.py, user_storage.py, DynamoDB users)
Wk 4 | Full-Stack | T6 + T8 | Dockerfile, ECS/ALB/WAF CDK, new API endpoints, frontend auth cleanup
Wk 5 | Tech Lead | T9 | comparison.py engine, generate-customs-lines Lambda, orchestration
Wk 5 | Full-Stack | T7 + T9 | CloudFront CDK, React dashboards (customs lines + comparison), SNS alerts
Wk 6 | Tech Lead | T10 | Parallel run validation, output parity check, cutover decision
Wk 6 | Full-Stack | T10 | CloudWatch dashboards + alarms, SNS routing, runbook, fallback test
Workload Split
Ticket | Tech Lead | Full-Stack | Week
T1 Infra + CI/CD | 30% | 70% | 1
T2 Storage Layer | 30% | 70% | 1
T3 Ingestion Lambdas | 35% | 65% | 2
T4 ETL Processing | 70% | 30% | 3
T5 Shadow Validation | 20% | 80% | 3
T6 Backend → ECS | 40% | 60% | 4
T7 Frontend → CF | 15% | 85% | 5
T8 Auth Fix | 65% | 35% | 4
T9 Auto-Gen + Compare | 70% | 30% | 5
T10 Monitor + Cutover | 35% | 65% | 6
Overall: Tech Lead ~40%, Full-Stack ~60%
Open Decisions (Resolve End of Week 1)

ETL Technology

Recommended: Lambda

Tiny data volume (~73 products, ~67 packaging, ~21 HTS). Lambda + pandas is 35x cheaper than Glue.

Authentication

Recommended: JWT + DynamoDB

Lowest risk. Move users.json to DynamoDB. Defer Cognito/Entra ID until M365 decision is final.

Risk Mitigations
Risk | Mitigation
SAP team delays on 6 APIs | Build against mocks from day 1. Swap URLs when APIs ship.
6 weeks is tight | Parallel tracks every week. No idle time. Daily standups.
Cross-account S3 complexity | Agreed Mar 26 meeting. Test in Week 1.
Auth migration breaks things | T8 isolated in Week 4. Test in staging first.
Processor output differs | Shadow mode (T5 Week 3) catches before cutover.
Scope creep | Document Distribution Pipeline is OUT. No exceptions.